我是Laravel新手(非常新手)在Laravel 5.2上使用Cartalyst Sentinel来利用角色授权。
在管理部分,我有三个(或更多)角色,即“admin”,“agent”和“writer”。
我还有一些应该具有混合角色访问权限的部分,例如:
目前我设法只使用两个角色,但现在我被卡住了。
到目前为止我做了什么(我只提供了必要的代码):
routes.php文件
// only authenticated users can access these pages
Route::group(['prefix' => 'admin', 'as' => 'admin.', 'middleware' => ['check']], function(){
// these pages are accessible to all roles
Route::get('dashboard', ['as' => 'dashboard', function(){
return view('admin/dashboard');
}]);
// only admin can access this section
Route::group(['middleware' => 'admin'], function(){
Route::get('users', function(){
return view('admin/users');
});
});
});
SentinelCheck中间件(在Kernel.php中命名为'check')
if (!Sentinel::check()) { // user is not authenticated
return redirect()->route('admin.login')->with('error', 'You must be logged to view the page');
}
if (Sentinel::inRole('customer')) { // user is authenticated but he is a customer
return redirect()->route('admin.login')->with('error', 'You are a customer and cannot access to backend section');
}
SentinelAdmin中间件(在Kernel.php中命名为“admin”)
if (!Sentinel::inRole('admin')) { // user is authenticated but he is not an admin
return redirect()->route('admin.login')->with('error', 'You are not admin and cannot view requested section');
}
SentinelAgent中间件(在Kernel.php中命名为'agent')
if (!Sentinel::inRole('agent')) { // user is authenticated but he is not an agent
return redirect()->route('admin.login')->with('error', 'You are not agent and cannot view requested section');
}
到目前为止,正如我所说的那么好,但当我尝试混合角色时,事情变得糟糕;即我不能写这样的路线:
// only admin and agent can access this section
Route::group(['middleware' => ['admin', 'agent']], function(){
Route::get('orders', function(){
return view('admin/orders');
});
});
因为“代理”将永远不会到达该部分,因为“admin”中间件将阻止并注销他。而且,同样,我不能做其他所有角色组合:
['middleware' => ['admin', 'writer']]
['middleware' => ['agent', 'writer']]
['middleware' => ['admin', 'writer', 'whatever_else_role']]
等。
那么,是否有一种(简单)方法可以轻松地将角色访问混合到各个部分?在此先感谢您的帮助